CVEdetails.com the ultimate security vulnerability data source
(e.g.: CVE-2009-1234 or 2010-1234 or 20101234)
Log In   Register
  What's the CVSS score of your company?
Vulnerability Feeds & WidgetsNew   www.itsecdb.com  

Siemens : Security Vulnerabilities Published In 2013

Press ESC to close
# CVE ID CWE ID # of Exploits Vulnerability Type(s) Publish Date Update Date Score Gained Access Level Access Complexity Authentication Conf. Integ. Avail.
1 CVE-2013-6926 264 Bypass 2013-12-17 2013-12-17
8.0
None Remote Low ??? Partial Partial Complete
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote authenticated users to bypass intended restrictions on administrative actions by leveraging access to a (1) guest or (2) operator account.
2 CVE-2013-6925 2013-12-17 2013-12-17
8.3
None Remote Medium Not required Partial Partial Complete
The integrated HTTPS server in Siemens RuggedCom ROS before 3.12.2 allows remote attackers to hijack web sessions by predicting a session id value.
3 CVE-2013-6840 264 +Priv 2013-12-10 2013-12-12
6.9
None Local Medium Not required Complete Complete Complete
Siemens COMOS before 9.2.0.8.1, 10.0 before 10.0.3.1.40, and 10.1 before 10.1.0.0.2 allows local users to gain database privileges via unspecified vectors.
4 CVE-2013-4943 264 +Priv Bypass 2013-08-09 2013-08-13
7.2
None Local Low Not required Complete Complete Complete
The client application in Siemens COMOS before 9.1 Update 458, 9.2 before 9.2.0.6.37, and 10.0 before 10.0.3.0.19 allows local users to gain privileges and bypass intended database-operation restrictions by leveraging COMOS project access.
5 CVE-2013-4912 20 2013-08-01 2017-08-29
5.8
None Remote Medium Not required Partial Partial None
Open redirect vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to redirect users to arbitrary web sites and conduct phishing attacks by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
6 CVE-2013-4911 352 CSRF 2013-08-01 2017-08-29
6.8
None Remote Medium Not required Partial Partial Partial
Cross-site request forgery (CSRF) vulnerability in Siemens WinCC (TIA Portal) 11 and 12 before 12 SP1 allows remote attackers to hijack the authentication of unspecified victims by leveraging improper configuration of SIMATIC HMI panels by the WinCC product.
7 CVE-2013-4781 78 Exec Code 2013-07-18 2013-08-22
10.0
None Remote Low Not required Complete Complete Complete
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to execute arbitrary commands via unspecified vectors.
8 CVE-2013-4780 200 +Info 2013-07-18 2013-08-22
7.8
None Remote Low Not required Complete None None
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to read arbitrary files via unspecified vectors.
9 CVE-2013-4779 79 XSS 2013-07-18 2013-08-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in core/handleTw.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.
10 CVE-2013-4778 200 +Info 2013-07-18 2013-08-22
7.8
None Remote Low Not required Complete None None
core/getLog.php on the Siemens Enterprise OpenScape Branch appliance and OpenScape Session Border Controller (SBC) before 2 R0.32.0, and 7 before 7 R1.7.0, allows remote attackers to obtain sensitive server and statistics information via unspecified vectors.
11 CVE-2013-3959 200 +Info 2013-06-14 2013-06-17
4.0
None Remote Low ??? Partial None None
The Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, exhibits different behavior for NetBIOS user names depending on whether the user account exists, which allows remote authenticated users to enumerate account names via crafted URL parameters.
12 CVE-2013-3958 255 2013-06-14 2013-06-17
7.5
None Remote Low Not required Partial Partial Partial
The login implementation in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, has a hardcoded account, which makes it easier for remote attackers to obtain access via an unspecified request.
13 CVE-2013-3957 89 Exec Code Sql 2013-06-14 2013-06-17
7.5
None Remote Low Not required Partial Partial Partial
SQL injection vulnerability in the login screen in the Web Navigator in Siemens WinCC before 7.2 Update 1, as used in SIMATIC PCS7 8.0 SP1 and earlier and other products, allows remote attackers to execute arbitrary SQL commands via unspecified vectors.
14 CVE-2013-3927 2013-06-18 2013-06-19
4.6
None Local Low Not required Partial Partial Partial
Unspecified vulnerability in the client library in Siemens COMOS 9.2 before 9.2.0.6.10 and 10.0 before 10.0.3.0.4 allows local users to obtain unintended write access to the database by leveraging read access.
15 CVE-2013-2780 119 DoS Overflow 2013-04-22 2020-02-10
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to UDP port 161 (aka the SNMP port).
16 CVE-2013-0700 119 DoS Overflow 2013-04-22 2020-02-10
7.8
None Remote Low Not required None None Complete
Siemens SIMATIC S7-1200 PLCs 2.x and 3.x allow remote attackers to cause a denial of service (defect-mode transition and control outage) via crafted packets to TCP port 102 (aka the ISO-TSAP port).
17 CVE-2013-0679 22 Dir. Trav. 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in the web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote authenticated users to read arbitrary files via vectors involving a query for a pathname.
18 CVE-2013-0678 255 +Info 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly represent WebNavigator credentials in a database, which makes it easier for remote authenticated users to obtain sensitive information via a SQL query.
19 CVE-2013-0677 200 DoS +Info 2013-03-21 2013-03-22
5.8
None Remote Medium Not required Partial None Partial
The web server in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to obtain sensitive information or cause a denial of service via a crafted project file.
20 CVE-2013-0676 264 +Info 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, does not properly assign privileges for the database containing WebNavigator credentials, which allows remote authenticated users to obtain sensitive information via a SQL query.
21 CVE-2013-0675 119 DoS Overflow 2013-03-21 2013-03-22
6.1
None Local Network Low Not required None None Complete
Buffer overflow in CCEServer (aka the central communications component) in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to cause a denial of service via a crafted packet.
22 CVE-2013-0674 119 Exec Code Overflow 2013-03-21 2013-03-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in the RegReader ActiveX control in Siemens WinCC before 7.2, as used in SIMATIC PCS7 before 8.0 SP1 and other products, allows remote attackers to execute arbitrary code via a long parameter.
23 CVE-2013-0672 79 XSS 2013-03-21 2013-03-22
3.5
None Remote Medium ??? None Partial None
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to inject arbitrary web script or HTML via unspecified data.
24 CVE-2013-0671 22 Dir. Trav. 2013-03-21 2013-03-22
4.0
None Remote Low ??? Partial None None
Directory traversal vulnerability in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to read HMI web-application source code and user-defined scripts via a crafted URL.
25 CVE-2013-0670 20 Http R.Spl. 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
CRLF injection vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary HTTP headers and conduct HTTP response splitting attacks via a crafted URL.
26 CVE-2013-0669 20 DoS 2013-03-21 2013-03-22
4.0
None Remote Low ??? None None Partial
The HMI web application in Siemens WinCC (TIA Portal) 11 allows remote authenticated users to cause a denial of service (daemon crash) via a crafted HTTP request.
27 CVE-2013-0668 79 XSS 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
Multiple cross-site scripting (XSS) vulnerabilities in the HMI web application in Siemens WinCC (TIA Portal) 11 allow remote attackers to inject arbitrary web script or HTML via a crafted URL.
28 CVE-2013-0667 79 XSS 2013-03-21 2013-03-22
4.3
None Remote Medium Not required None Partial None
Cross-site scripting (XSS) vulnerability in the HMI web application in Siemens WinCC (TIA Portal) 11 allows remote attackers to inject arbitrary web script or HTML via a crafted URL.
29 CVE-2013-0659 Exec Code 2013-04-01 2013-04-01
10.0
None Remote Low Not required Complete Complete Complete
The debugging feature on the Siemens CP 1604 and CP 1616 interface cards with firmware before 2.5.2 allows remote attackers to execute arbitrary code via a crafted packet to UDP port 17185.
30 CVE-2013-0656 119 Exec Code Overflow 2013-01-21 2013-01-22
6.8
None Remote Medium Not required Partial Partial Partial
Buffer overflow in a third-party ActiveX component in Siemens SIMATIC RF-MANAGER 2008, and RF-MANAGER Basic 3.0 and earlier, allows remote attackers to execute arbitrary code via a crafted web site.
31 CVE-2011-4515 255 +Info 2013-03-21 2013-05-31
4.6
None Local Low Not required Partial Partial Partial
Siemens WinCC (TIA Portal) 11 uses a reversible algorithm for storing HMI web-application passwords in world-readable and world-writable files, which allows local users to obtain sensitive information by leveraging (1) physical access or (2) Sm@rt Server access.
Total number of vulnerabilities : 31   Page : 1 (This Page)
CVE is a registred trademark of the MITRE Corporation and the authoritative source of CVE content is MITRE's CVE web site. CWE is a registred trademark of the MITRE Corporation and the authoritative source of CWE content is MITRE's CWE web site. OVAL is a registered trademark of The MITRE Corporation and the authoritative source of OVAL content is MITRE's OVAL web site.
Use of this information constitutes acceptance for use in an AS IS condition. There are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. It is the responsibility of user to evaluate the accuracy, completeness or usefulness of any information, opinion, advice or other content. EACH USER WILL BE SOLELY RESPONSIBLE FOR ANY consequences of his or her direct or indirect use of this web site. ALL WARRANTIES OF ANY KIND ARE EXPRESSLY DISCLAIMED. This site will NOT BE LIABLE FOR ANY DIRECT, INDIRECT or any other kind of loss.